1112 Views, 0 Helpful, 0 Replies

TACACS+ authentication with LOCAL authentication backup problem over VPN

ABaker94985
Spotlight

We have a remote location (3+ hours from the main office) that has an ASA-5508 running 9.8(4). We were troubleshooting a VPN connection, but for whatever reason we lost management access. The site-to-site VPN tunnel is partially up in the sense that some users can pass traffic and I do see bidirectional traffic when issuing the "sh crypto ips sa"; however, the inside firewall interface and the internal L3 switch are not accessible via SSH, ICMP, etc.


We can reach the external interface of the firewall and are prompted for credentials, but we cannot authenticate using either the external or the local accounts. I've performed a packet capture, and there is no traffic from this location to the TACACS+ server. Does anyone have a clue as to what is going on? Here is the authentication configuration:


aaa-server TACACS (inside) host 10.1.10.10
  key *
aaa authentication ssh console TACACS LOCAL
ssh 10.1.0.0 255.255.240.0 inside
management-access inside
username cisco password * privilege 15


Thank you.
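The order of operations behind `aaa authentication ssh console TACACS LOCAL` is what decides whether a local account can ever be used when the TACACS+ server is not reachable. On the ASA, the servers in the group are tried in order, a server that does not answer counts as a failed attempt (and is marked failed after `max-failed-attempts`, default 3), the LOCAL database is consulted only when no server in the group produced an answer, and an explicit reject from a server ends the attempt without trying LOCAL. The following Python model of that decision order is an added illustration, not Cisco's code and not part of the original post; the server address and `username cisco` line come from the config above, while the passwords, the probe functions that stand in for the network, and the single-request retry behaviour are constructed simplifications.

```python
"""Simplified model of ASA 'aaa authentication ssh console TACACS LOCAL'.

Added illustration (not Cisco code). Decision rules modelled:
  * servers in the group are tried in order;
  * NO_RESPONSE counts as a failed attempt; after max_failed_attempts the
    server is marked failed and skipped until reactivated;
  * LOCAL is consulted only when no server in the group answered;
  * an explicit REJECT from a server is final, LOCAL is not tried.
Passwords and probe functions below are constructed test data.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List

# Possible answers from one TACACS+ authentication request (constructed labels).
ACCEPT, REJECT, NO_RESPONSE = "ACCEPT", "REJECT", "NO_RESPONSE"


@dataclass
class TacacsServer:
    host: str
    probe: Callable[[str, str], str]   # stands in for the network round trip
    max_failed_attempts: int = 3       # ASA default for 'max-failed-attempts'
    failures: int = 0
    failed: bool = False               # as shown by 'show aaa-server <group>'


@dataclass
class AaaConfig:
    servers: List[TacacsServer]
    local_users: Dict[str, str]        # 'username <u> password <p>' entries
    fallback_local: bool = True        # the trailing LOCAL keyword


def authenticate(cfg: AaaConfig, user: str, password: str) -> dict:
    """Return {'result': 'ALLOW'|'DENY', 'path': [what was consulted, in order]}."""
    path = []
    for srv in cfg.servers:
        if srv.failed:
            path.append(f"{srv.host}: skipped (marked failed)")
            continue
        answer = srv.probe(user, password)
        path.append(f"{srv.host}: {answer}")
        if answer == ACCEPT:
            return {"result": "ALLOW", "path": path}
        if answer == REJECT:
            # A reject from a reachable server is final; LOCAL is never tried.
            return {"result": "DENY", "path": path}
        # NO_RESPONSE: count the failure, mark the server down if the limit is hit,
        # and keep going for this request (next server, then LOCAL).
        srv.failures += 1
        if srv.failures >= srv.max_failed_attempts:
            srv.failed = True
    if cfg.fallback_local:
        ok = cfg.local_users.get(user) == password
        path.append(f"LOCAL: {'ACCEPT' if ok else 'REJECT'}")
        return {"result": "ALLOW" if ok else "DENY", "path": path}
    path.append("no LOCAL fallback configured")
    return {"result": "DENY", "path": path}


def scenario(server_answer: str) -> AaaConfig:
    """Config from the post with one server whose behaviour is fixed (constructed)."""
    return AaaConfig(
        servers=[TacacsServer("10.1.10.10", lambda u, p: server_answer)],
        local_users={"cisco": "local-pw"},   # constructed password for 'username cisco'
    )


if __name__ == "__main__":
    for answer in (NO_RESPONSE, REJECT, ACCEPT):
        cfg = scenario(answer)
        print(answer, "->", authenticate(cfg, "cisco", "local-pw"))
```

The model makes the practical point explicit: the local `cisco` account is only reachable through the LOCAL fallback when the TACACS+ request gets no answer at all, so the state of the server in the group matters more than the password. On a real ASA, `show aaa-server TACACS` reports whether the server is marked failed, and `test aaa-server authentication TACACS host 10.1.10.10 username <user> password <pw>` exercises the group directly from the firewall without going through the SSH path.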
